feat(execution): create a package metadata object at publish time#9461
Merged
miker83z merged 5 commits intovm-lang/aa-auth/8805-beta-feature-branchfrom Dec 4, 2025
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 6 Skipped Deployments
|
iota-ci
added
the
sc-platform
alexsporn
reviewed
Nov 28, 2025
8 tasks
miker83z
force-pushed
the
vm-lang/aa-auth/authenticator-and-package-metadata
branch
2 times, most recently
from
5288473 to
570d91a
Compare
thibault-martinez
approved these changes
Dec 1, 2025
Member
thibault-martinez
left a comment
thibault-martinez
left a comment
There was a problem hiding this comment.
Approving crates/iota-open-rpc/spec/openrpc.json
kodemartin
approved these changes
Dec 1, 2025
bingyanglin
approved these changes
Dec 2, 2025
Base automatically changed from
vm-lang/cherry-pick-for-move-view
to
vm-lang/aa-auth/8805-beta-feature-branch
December 2, 2025 12:59
Co-authored-by: Valerii Reutov <valeriy.reutov@gmail.com> Co-authored-by: Pavlo Botnar <pavlo.botnar@gmail.com>
miker83z
force-pushed
the
vm-lang/aa-auth/authenticator-and-package-metadata
branch
from
9a4832e to
84c27eb
Compare
valeriyr
approved these changes
Dec 3, 2025
Dkwcs
reviewed
Dec 3, 2025
crates/iota-framework/packages/iota-framework/sources/package_metadata.move
Show resolved
Hide resolved
Dkwcs
approved these changes
Dec 3, 2025
alexsporn
reviewed
Dec 3, 2025
|
|
||
| // === Constants === | ||
|
|
||
| const EInvalidEnumVariant: u64 = 0; |
Member
There was a problem hiding this comment.
Why not use the newer error syntax?
Contributor
Author
There was a problem hiding this comment.
Removed in ac957d3. Now public functions return options.
alexsporn
reviewed
Dec 3, 2025
| MergeCoins(Argument, vector<Argument>), | ||
| Publish(vector<vector<u8>>, vector<ID>), | ||
| MakeMoveVec(Option<TypeName>, vector<Argument>), | ||
| Upgrade(vector<vector<u8>>, vector<ID>, ID, Argument), |
Member
There was a problem hiding this comment.
Maybe add comments here to explain the fields
Contributor
Author
There was a problem hiding this comment.
In ac957d3 these now have dedicated structs.
alexsporn
reviewed
Dec 3, 2025
| } | ||
| } | ||
|
|
||
| // TODO: add a deserializer that can handle the Command::MoveCall and |
Contributor
Author
There was a problem hiding this comment.
Currently we have no need of a deserializer (we have no usage from Move->Rust but only from Rust->Move). In any case we plan dedicated structs for a new AuthContext version (see #9505) that will probably not need dedicated de/serializers.
Do you think I should I remove the todo?
miker83z
merged commit 35a7637
into
vm-lang/aa-auth/8805-beta-feature-branch
58 of 66 checks passed
miker83z
deleted the
vm-lang/aa-auth/authenticator-and-package-metadata
branch
miker83z
added a commit
that referenced
this pull request
Dec 11, 2025
) This PR introduces the creation of a Package Metadata immutable object during a package publishing/upgrade. This allows to use such metadata to create `AuthenticatorInfoV1` instances for accounts. [Internal AA architecture document](https://iotafoundation.atlassian.net/wiki/x/EoBOng). Description: - every time a function uses the `#[authenticator]` annotation, the node’s publish/upgrade execution tries to create a `PackageMetadata` immutable object. - a new set of functions in the `iota-verifier` crate implement the checking of the requirements for a package metadata to be valid; the information for such validation is extracted from the package bytecode (see #9453) - `iota-verifier::verify_authenticate_func_v1` checks the correctness of the declared authenticate() function (that was previously annotated with - once the PackageMetadata immutable object is created, then the framework method `create_auth_info_v1` can be used as the only way to create an `AuthenticatorInfoV1` instance. - the `AuthenticatorInfoV1` struct includes the fields to uniquely identify a function on-chain: package id, module name, function name. - An Account object is an object with a dynamic field being a `AuthenticatorInfoV1`. - Then, to any user-created object, an `AuthenticatorInfoV1` can be “attached“. The only requirement is that the AuthenticatorInfoV1<T> is compatible with T, where T is exactly the type of the object set to become an Account. - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes - [x] Protocol: Add the publish_package_metadata. This enables the creation of an immutable object at publish/upgrade time when some known attributes (e.g., the authenticator function attribute) are found in the source code. - [ ] Nodes (Validators and Full nodes): - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] REST API: --------- Co-authored-by: Valerii Reutov <valeriy.reutov@gmail.com> Co-authored-by: Pavlo Botnar <pavlo.botnar@gmail.com>
miker83z
added a commit
that referenced
this pull request
Jan 19, 2026
) This PR introduces the creation of a Package Metadata immutable object during a package publishing/upgrade. This allows to use such metadata to create `AuthenticatorInfoV1` instances for accounts. [Internal AA architecture document](https://iotafoundation.atlassian.net/wiki/x/EoBOng). Description: - every time a function uses the `#[authenticator]` annotation, the node’s publish/upgrade execution tries to create a `PackageMetadata` immutable object. - a new set of functions in the `iota-verifier` crate implement the checking of the requirements for a package metadata to be valid; the information for such validation is extracted from the package bytecode (see #9453) - `iota-verifier::verify_authenticate_func_v1` checks the correctness of the declared authenticate() function (that was previously annotated with - once the PackageMetadata immutable object is created, then the framework method `create_auth_info_v1` can be used as the only way to create an `AuthenticatorInfoV1` instance. - the `AuthenticatorInfoV1` struct includes the fields to uniquely identify a function on-chain: package id, module name, function name. - An Account object is an object with a dynamic field being a `AuthenticatorInfoV1`. - Then, to any user-created object, an `AuthenticatorInfoV1` can be “attached“. The only requirement is that the AuthenticatorInfoV1<T> is compatible with T, where T is exactly the type of the object set to become an Account. - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes - [x] Protocol: Add the publish_package_metadata. This enables the creation of an immutable object at publish/upgrade time when some known attributes (e.g., the authenticator function attribute) are found in the source code. - [ ] Nodes (Validators and Full nodes): - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] REST API: --------- Co-authored-by: Valerii Reutov <valeriy.reutov@gmail.com> Co-authored-by: Pavlo Botnar <pavlo.botnar@gmail.com>
miker83z
added a commit
that referenced
this pull request
Jan 26, 2026
) This PR introduces the creation of a Package Metadata immutable object during a package publishing/upgrade. This allows to use such metadata to create `AuthenticatorInfoV1` instances for accounts. [Internal AA architecture document](https://iotafoundation.atlassian.net/wiki/x/EoBOng). Description: - every time a function uses the `#[authenticator]` annotation, the node’s publish/upgrade execution tries to create a `PackageMetadata` immutable object. - a new set of functions in the `iota-verifier` crate implement the checking of the requirements for a package metadata to be valid; the information for such validation is extracted from the package bytecode (see #9453) - `iota-verifier::verify_authenticate_func_v1` checks the correctness of the declared authenticate() function (that was previously annotated with - once the PackageMetadata immutable object is created, then the framework method `create_auth_info_v1` can be used as the only way to create an `AuthenticatorInfoV1` instance. - the `AuthenticatorInfoV1` struct includes the fields to uniquely identify a function on-chain: package id, module name, function name. - An Account object is an object with a dynamic field being a `AuthenticatorInfoV1`. - Then, to any user-created object, an `AuthenticatorInfoV1` can be “attached“. The only requirement is that the AuthenticatorInfoV1<T> is compatible with T, where T is exactly the type of the object set to become an Account. - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes - [x] Protocol: Add the publish_package_metadata. This enables the creation of an immutable object at publish/upgrade time when some known attributes (e.g., the authenticator function attribute) are found in the source code. - [ ] Nodes (Validators and Full nodes): - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] REST API: --------- Co-authored-by: Valerii Reutov <valeriy.reutov@gmail.com> Co-authored-by: Pavlo Botnar <pavlo.botnar@gmail.com>
miker83z
added a commit
that referenced
this pull request
Jan 27, 2026
# Description of change Enables Account Abstraction core features at the protocol level. [Internal AA architecture document](https://iotafoundation.atlassian.net/wiki/x/EoBOng). Main protocol changes: - feat(move): Add custom attributes #9453 - added a generic FlavoredAttribute which can then allow us to define new attributes within the iota_mode Move compiler part; - allow the insertion of specific metadata in the serialized compiled modules, i.e., bytecode (protocol feature flag `metadata_in_module_bytes`). - feat(execution): create a package metadata object at publish time #9461 - every time a function uses the `#[authenticator]` annotation, the node’s publish/upgrade execution tries to create a `PackageMetadata` immutable object; - a new set of functions in the `iota-verifier` crate implement the checking of the requirements for a package metadata to be valid; - once the PackageMetadata immutable object is created, then the framework method `create_auth_function_ref_v1` can be used as the only way to create an `AuthenticatorFunctionRefV1` instance. - the `AuthenticatorFunctionRefV1` struct includes the fields to uniquely identify a function on-chain: package id, module name, function name. - An Account object is an object with a dynamic field being a `AuthenticatorFunctionRefV1`. - feat: Add the MoveAuthenticator generic signature variant and enable AA transactions #9492 - introduced a new iota type to represent a new `GenericSignature` variant, that is the `MoveAuthenticator` type, and a execution path to authenticate an Account being the sender of a TX. - The `MoveAuthenticator` type has a unique field which is `call_args`; this is a vector of `CallArg` working similarly to the `ProgrammableTransactionBlock` inputs. - The `MoveAuthenticator` is used to pass the inputs to the move call indicated by the `AuthenticatorFunctionRefV1` found attached to the Account object. - This authentication job is performed by the Validator, which: (1) loads `MoveAuthenticator` input objects at a specific version; (2) then, executes the `authenticate()` function referenced by `AuthenticatorFunctionRefV1`, having no effects to store to the ledger.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of change
This PR introduces the creation of a Package Metadata immutable object during a package publishing/upgrade. This allows to use such metadata to create
AuthenticatorInfoV1instances for accounts.Internal AA architecture document.
Description:
#[authenticator]annotation, the node’s publish/upgrade execution tries to create aPackageMetadataimmutable object.iota-verifiercrate implement the checking of the requirements for a package metadata to be valid; the information for such validation is extracted from the package bytecode (see feat(move): Add custom attributes #9453)iota-verifier::verify_authenticate_func_v1checks the correctness of the declared authenticate() function (that was previously annotated with #[authenticator])create_auth_info_v1can be used as the only way to create anAuthenticatorInfoV1instance.AuthenticatorInfoV1struct includes the fields to uniquely identify a function on-chain: package id, module name, function name.AuthenticatorInfoV1.AuthenticatorInfoV1can be “attached“. The only requirement is that the AuthenticatorInfoV1 is compatible with T, where T is exactly the type of the object set to become an Account.How the change has been tested
Release Notes